sshpass: An Excellent Tool for Non-Interactive SSH Login – Never Use on Production Server

In most cases, Linux system administrators login to remote Linux servers using SSH either by supplying a password, or passwordless SSH login, or keybased SSH authentication.

What if you want to supply a password along with username to SSH prompt itself? this is where sshpass comes to rescue.

sshpass is a simple and lightweight command line tool that enables us to provide password (non-interactive password authentication) to the command prompt itself, so that automated shell scripts can be executed to take backups via cron scheduler.

ssh uses straight TTY access to make sure that the password is actually supplied by an interactive keyboard user. Sshpass runs ssh in a devoted tty, mislead it into believing that it is receiving the password from an interactive user.

Important: Using sshpass considered to be least secure, as it reveals the password to all system users on the command line with simple “ps” command. I highly recommend using SSH Passwordless authentication.

How to Use sshpass in Linux

sshpass is used together with ssh, you can view all the sshpass usage options with full descriptions by issuing the command below:

$ sshpass -h

sshpass Help

Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
-f filename Take password to use from file
-d number Use number as file descriptor for getting password
-p password Provide password as argument (security unwise)
-e Password is passed as env-var "SSHPASS"
With no parameters - password will be taken from stdin
-h Show help (this screen)
-V Print version information
At most one of -f, -d, -p or -e should be used

As I mentioned before, sshpass is more reliable and useful for scripting purposes, consider the example commands below.

For more usage, I suggest you to read through the sshpass man page, type:

$ man sshpass

In this article, we explained sshpass a simple tool that enables non-interactive password authentication. Although, this tools may be helpful, it is highly recommended to use ssh’s more secure public key authentication mechanism.

Please, do leave a question or comment via the feedback section below for any further discussions.

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

From what I see the most secure use case for sshpass is to supply a file password (-f option) with chmod 400 passwd_file and a proper owner. And if you want to be more secure, maybe you can use a openvpn tunnel for the remote host and some iptables rules to restrict the ip source of the sshpass host.

Anyway, you need to use the right tool for your landscape and sometimes functionality is more important than security ; )